Has The Cyber ‘Pearl Harbor’ Already Happened?

Over the past few years an abundance of rhetorical bravado has been creatively exhausted by the US legislative community and law enforcement to expedite legislation that will protect us from a future cyber event so catastrophic, so devastating, that it could only be described as “The Cyber Pearl Harbor”.

The fact is that the Cyber Pearl Harbor that many seem to be waiting for has already occurred in the embodiment of the Office of Personnel Management breach. The devastation to our counterintelligence, general population and federal landscape as a whole is so profound that the damage of this breach has yet to be fully calculated.

Compounded by the Anthem breach, over 100 million Americans have their most intimate personal details in the hands of a foreign APT, most likely controlled by China, for multi-generational exploitation, blackmail and surveillance. Strangely, an incident that should have had Americans protesting in the streets was quickly swept under the rug and vanished from conversation.

From Al Qaeda to Al Shabaab, from Boko Haram to ISIS, this Cyber Caliphate flourishes in the techno-nutrient-rich, binary soil of the Internet and is continually reinforced via graphic imagery and unique storytelling in publications such as Dabiq and Kybernetiq. The rapid success of the Cyber-Jihad movement has been expedited via magnification of xenophobia, powerful and organized propaganda, and the targeting and recruitment of social outcasts, from the American Midwest to the streets of Paris and London, and of religious zealots, who make easy recruits for carrying out cyber-attacks as part of collective and lone-wolf initiatives.

Al Qaeda: 

Al Qaeda founder Osama bin Laden relied on charisma, fatwas, and rhetoric to rally militants to his cause. After bin Laden’s death in 2011, Ayman al Zawahiri assumed control of the organization. 

According to cloud security firm BatBlue, Al Qaeda has used technology and the Internet to distribute officially sanctioned propaganda since the 1980s. In the 1990s, the group began to use the Internet for secure communications between members. Most Al Qaeda communications are encrypted or obfuscated in some way.

Al Shabaab: 

Al Shabaab is a Somalia-based militant organization with strong ties to Al Qaeda. Al Shabaab was the militant wing of the Somali Council of Islamic Courts that seized southern Somalia in late 2006 until 2007. Since then, it has continued to fight in southern and central Somalia, relying on guerrilla warfare and terrorist tactics. Al Shabaab is not centralized or monolithic in its agenda or goals. It consists of disparate clans; consequently, it is susceptible to internal strife, clan politics, and brittle alliances. It does not appear interested in a global jihad.

Boko Haram: 

Boko Haram is a terrorist organization that strives to establish a militant Islamic state in Nigeria. Founded by Mohammed Yusuf in 2002, the group initially focused on opposing Western education. Initially, it recruited local children through a school that claimed to promote an Islamic education. The children were trained as soldiers, and the group began launching military operations in 2009 in an attempt to create an Islamic state.

The group was aligned to Al Qaeda until January 2015, when it switched allegiance to ISIS. Afterward, the group’s presence on social media and its distributed propaganda materials have become more robust. It is possible that it receives assistance from ISIS in the creation and distribution of its materials. Prior to its association with ISIS, Boko Haram used the internet to distribute propaganda and to conduct unsophisticated online scams to raise funds. The group’s social media presence remains inconstant and poorly aligned with its other propaganda.

After allying with ISIS, its published videos and photographs began to mirror those of ISIS. Boko Haram has not yet begun to heavily recruit online. Its propaganda is used more to spread fear than to recruit. It is possible that the group raised funds in the past through an advance-fee fraud, or 419 scam. Essentially, the scam involves promising a victim a share in greater financial holdings if they provide a forward investment to “free the funds”. Security researchers believe that the group still does the 419 scam because it is still profitable for them and because it allows them to target individuals, instead of large organizations or governments.

The group has not shown signs of adopting more sophisticated methods of raising funds, such as ransomware. At the time of this writing, Boko Haram does not have a widespread cyber strategy; however, its alliance with ISIS may lead to the rapid development of newfound capabilities.

ISIS

The Islamic State of Iraq and Syria (ISIS), also known as the Islamic State of the Levant (ISIL), the Islamic State (IS) or the Daesh, was originally formed as an Iraqi branch of Al Qaeda in 2004. 

It has since developed into an independent organization that is more radical in its views and more technologically sophisticated in its use of social media and the internet. In summer 2014, ISIS leader Abu Bakr al-Baghdadi declared a global jihad. He called on all Muslims to join his cause by either travelling to Iraq or Syria or by supporting the jihad locally. The call specifically focused on recruiting technically skilled and sophisticated individuals, such as engineers, hackers, and doctors, to join the cause. 

ISIS leader Abu Bakr al-Baghdadi avoids public exposure and relies on ruthless violence to assert his power. Baghdadi is the supreme religious and political leader within ISIS. In 2014, he personally issued the call for all “true Muslims” to join in a global caliphate. The caliph has unchecked authority but relies on regional deputies to oversee the regions and manage the imposed administration in each. The Shura Council can theoretically depose the caliph; however, such an action is unlikely since all members were appointed by al-Baghdadi.

ISIS has a strong online presence that heavily recruits and promotes “lone-wolf” actions through social media. Their radical beliefs are spread by a diverse, unregulated band of digital zealots across conventional social media such as Twitter, Facebook, and Tumblr, and on less conventional channels such as forums and message boards. Members target lonely and misguided individuals, regardless of their initial beliefs, by offering a sense of community and by glamorizing the fight, actions, and lifestyle of the movement. 

ISIS poses an active cyber threat by working with lone hackers, hacker groups, and by appropriating open source online materials. Some members are technically sophisticated enough to promote the message and culture by defacing websites, social media accounts, and other media channels with text, images, and videos, glorifying the agenda of the group. 

The technical tools, techniques, and procedures of the group are rapidly escalating as its membership and resources increase. Increases in ISIS online activity tend to coincide with major current events. The group capitalizes on the chaos that it creates, such as by launching a major Twitter campaign after the Paris attacks, as well as by turning global events, such as the Syrian refugee crisis, to its advantage.

ISIS encourages young supporters to tweet, blog, and otherwise share their reactions, opinions, and views. The group calls new recruits to conduct domestic lone-wolf attacks using novel mechanisms, such as the hashtag “#FightforHim” following the Paris attacks. 

The success of the ISIS propaganda campaign is influencing how other groups use the internet. In much the same manner that newspapers’ popularity declined in favor of online media, static propaganda publications are declining in favor of robust, dynamic multi-platform campaigns. Their social media campaigns are widespread, resilient, and adaptive. ISIS content is constantly removed from conventional social media; however, they have or had a presence on Facebook, Twitter, Tumblr, Instagram, Friendica, Diaspora, and other outlets.

Their videos are edited, clear, and include special effects. Video content has been released on YouTube, IS-tube, Dailymotion, personal blogs, and on other media hosting networks. They have released podcasts and interviews on Ask.FM, Mixir, Paltalk, and other channels. ISIS has also used more conventional media outlets, such as Al-Battar Media, Dawla Media, and Al-Platform Media, to spread its message. 

Defaced websites are often reconfigured to feature the flag of ISIS and phrases like “Hacked by the Islamic State”. The defacements are meant to scare Western businesses and organizations more than recruit new followers. Website defacement often occurs through widely publicized vulnerabilities, such as an outdated WordPress plugin. Those affected range from businesses, to schools, to individual users. 

By inconveniencing small targets, ISIS creates a sense of fear and xenophobia in the target population that it can leverage to recruit Muslims and social outcasts who are disenfranchised by cultural stigmas. Screenshots, recordings and lists of defaced and targeted websites have been found on forums, such as Aliyyosh, an Arab hacker forum. 

Stolen personally identifiable information belonging to Israelis and Western and American Jews has also been discovered on the forums. In March 2015, a list of names, units, addresses, and photographs of over one hundred U.S. military personnel, supposedly involved in the bombing of ISIS targets, was posted online.

Motive: 

Extremist groups such as ISIS aspire to create chaos, inflict harm, and disrupt services in the nations and organizations that they oppose. In many cases, small attacks that incite panic and fear in many members of the population are just as effective as large attacks that embarrass or undermine opposing geopolitical powers. 

Jihadist groups are increasingly motivated to adopt cyber-defensive capabilities, such as encryption applications and anonymity tools, so that their members can remain undiscovered within the general population and so that their activities remain unknown to opposing intelligence and counterintelligence entities. By developing cyber-offensive capabilities, extremist groups can raise funds, inflict harm from across the globe, gather information about targets, 

The ISIS Cyber “Help Desk”: 

In November 2015, the media reported that ISIS had spent over a year developing a “24-hour cyber help desk”, across a series of forums, applications, and social media platforms, to assist its followers in remaining anonymous and to instruct them on basic hacker tools, techniques, and procedures.

The campaign is intended to spread the Jihadist message to new recruits, spread greater fear, and increase the number of attacks against foreign nations. The primary function of the help desk was to instruct prospective jihadists in the use of encryption and other secure communication applications to evade law enforcement and intelligence authorities.

The group promotes the use of deep web forums and secure platforms to obfuscate their activities so that they can covertly plan recruitment, propaganda, and terror campaigns without worrying that signal intelligence or other indicators will expose their operations.

Conclusion

ISIS has already been purchasing attacks on Western organizations and critical infrastructure for years. Groups like ISIS might hate Western culture and practices, but they have no qualms about appropriating and weaponizing material and assets developed in those regions. 

They use guns manufactured in the United States and Russia and vehicles from Japan, so why would they refuse to use malware or hackers from foreign nations? To the zealots, the cyber assets are just more weapons to use in their battle. In all likelihood, the cyber-mercenaries hired would not know if they were conducting attacks on behalf of the terrorist organization. As a result of the anonymity that the hackers themselves rely on, they would unknowingly infect systems, steal data, or otherwise cause chaos for a terror organization.

Given a fiscal asset portfolio at a very conservative estimate of over $1 billion, ISIS can hire many hackers to conduct many attacks. If those attacks result in stolen data, intellectual property, or other intangible assets, then the organization can sell the data to perpetuate the cycle. 

While many cyberterrorist organizations are lacking in their capacity to pose a significant cyber threat to global organizations, ISIS already possesses the motive, means, and opportunity to acquire the personnel and code necessary to begin launching devastating cyber campaigns. 

ICITech:

 
